SIEGE is an automated test case generator targeting any method in the classpath

Simple proof of concept of Log4Shell vulnerability in a spring boot vulnerable application environment.

Allows importing of CVE Data from NVD into PostgreSQL. By taking in JSON data and converting it to a more usable relational dataset

A tool to fetch CVE and CPE data (including match criteria) from NIST's NVD API, along with CWE data from MITRE.

🚀 Free vulnerability scanner for Maven projects. Detect CVEs, track security trends, and generate comprehensive reports. Built on OWASP Dependency-Check with enterprise-grade performance.

两年多以前，Chris Frohoff 和 Gabriel Lawrence 发表了关于 Java 对象反序列化漏洞的研究，这一研究最终导致 Java 历史上最大的一波远程代码执行漏洞的爆发。 后续研究表明，这些漏洞不仅限于 Java 序列化或 XStream 这样的机制，还可以应用于其他机制。

Analyzes your Java Maven Project dependencies for security issues and technical debts (CVE/EOL/+).

JNDI-Injection-Exploit 是一个用于生成可用 JNDI 链接并提供后台服务的工具，支持启动 RMI 服务器、LDAP 服务器和 HTTP 服务器。其 RMI 和 LDAP 服务基于 marshalsec，并进行修改以与 HTTP 服务联动。

Security Research and PoC

This repository contains a backend using Spring Boot, JPA, and H2 to manage and display over 10,000 CVE records. It fetches CVE data from a public source, stores it in H2, and provides custom endpoints with filtering by year, metric score, and last modified date. Built with MVC architecture for structured data handling and web page integration.

Exploit app for CVE-2021-39670 and CVE-2021-39690, two permanent denial-of-service vulnerabilities in Android's wallpaper system

PDoS using race condition in ActivityManager's CoreSettingsObserver

Burp Suite Extension with MCP Server to enhance manual application security testing

CVE-2020-7200: HPE Systems Insight Manager (SIM) RCE PoC

A Java Agent that disables Apache Log4J's JNDI Lookup to mitigate CVE-2021-44228 ("Log4Shell").

CVE-2024-4040 PoC

Analysis of vulnerabilities from security audit | CVEs

PoC of CVE-2022-22978 vulnerability in Spring Security framework

Analysis of the Jackson Databind CVE's